1.8 Prerequisites for Installing Identity Governance

Before installing Identity Governance, it is important that you review the prerequisites and considerations.

1.8.1 General Prerequisites for Identity Governance

  • You can install Identity Governance and OSP in a stateless cluster. For more information about the installation requirements, see Section 1.7.5, Ensuring High Availability for Identity Governance.

  • For best performance, do not install Identity Governance on the same server as its databases. However, the Identity Governance server must include the supported versions of Java and the Tomcat application server.

  • Do not install Identity Governance or its database on a server that is already running components for Identity Manager. For example, do not install on the same server as Identity Manager Home and Provisioning Dashboard.

  • You must use Latin-1 characters in the installation path.

  • Do not use mixed-case domains. Identity Governance uses OAuth2 for authentication, and OAuth2 does not support mixed-case domains. For more information, see RFC 3986 Section 6.2.1 Simple String Comparison.

  • To use an authentication server as your data source for Identity Governance users, ensure that you have Active Directory or eDirectory already installed. For more information, see Adding Identity Governance Users in the NetIQ Identity Governance Administrator Guide.

  • When you point to the installation directory for Java, it must be a supported OpenJDK instance used by the Tomcat server.

  • Ensure that the communication ports that you want to use are open in the firewall. For more information, see Section B.0, Ports Used in Identity Governance.

  • To integrate Identity Governance with Identity Manager, the Identity Manager component must already be installed and configured with OSP.

  • To use TLS auditing, the audit server should be up and running when you install Identity Governance so that the installer can connect to the audit server and retrieve the certificate to add to the keystore.

  • Before installing Identity Governance, you need the following information:

    • Paths to your Tomcat and Java directories.

    • Credentials of a database administrator (DBA) account that can access and modify data in the databases to create database tables, views, and other artifacts.

      NOTE: If you do not have credentials for the DBA, the installation process can generate a SQL script that the DBA runs to configure the databases.

    • DNS host name and port of your Identity Governance server. Identity Governance uses the IP address or DNS name as the URL for users to access Identity Governance.

    • (Conditional) When using an LDAP authentication server, you need the following information:

      • Credentials of an administrator account for the server.

      • The container in the server where you store administrator accounts.

      • The container in the server where you store the accounts for users who can log in to Identity Governance.

    • (Conditional) To use an Identity Manager authentication server, you must have the distinguished name (DN), password, user container, and admin container of an administrator account for the server.

    • (Conditional) To use an Identity Manager authentication server or TLS auditing, you must have the trust store password for the server.

    • For best performance, do not install Identity Governance on the database server. However, the database server and the Identity Governance server must run in the same subnetwork. Also, ensure that the database is running the supported versions of Java and the Tomcat application server.

    • DNS host name and port of your database server.

    • DNS host name and port of your ActiveMQ server if it is installed on a separate server.

    • (Conditional) If using Access Manager for the authentication service, the Access Manager administrator account distinguished name (DN) and password.
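
The following pre-install check is an added example, not part of the product or its documentation. It shows why a mixed-case host fails under the simple string comparison of RFC 3986 Section 6.2.1 and flags installation paths that contain characters outside Latin-1. All function names are hypothetical and the sample hosts and paths are constructed.

```python
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def simple_string_match(registered: str, presented: str) -> bool:
    """RFC 3986 section 6.2.1: compare character by character, no normalization."""
    return registered == presented


def mixed_case_host(url: str) -> Optional[str]:
    """Return the host exactly as typed if it contains upper-case letters."""
    # urlsplit().hostname lower-cases its result, so read the raw netloc instead.
    host = urlsplit(url).netloc.rsplit("@", 1)[-1]   # drop any userinfo
    if host.startswith("["):                          # bracketed IPv6 literal
        host = host[: host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]                  # drop the port
    return host if host != host.lower() else None


def non_latin1_chars(path: str) -> List[str]:
    """Characters of an installation path outside Latin-1 (U+0000 to U+00FF)."""
    return [ch for ch in path if ord(ch) > 0xFF]


def preflight(install_path: str, urls: Dict[str, str]) -> List[str]:
    """Collect findings for the installation path and each server URL."""
    findings = []
    bad = non_latin1_chars(install_path)
    if bad:
        findings.append(f"installation path: non-Latin-1 characters {bad}")
    for name, url in urls.items():
        host = mixed_case_host(url)
        if host:
            findings.append(f"{name}: host '{host}' is mixed case, use '{host.lower()}'")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    registered = "https://ig.example.com:8443/callback"
    presented = "https://IG.Example.com:8443/callback"
    print("redirect URI accepted:", simple_string_match(registered, presented))
    for line in preflight("/opt/example/\u8eab\u4efd/idgov",
                          {"Identity Governance": presented, "OSP": registered}):
        print("FAIL", line)
```

Both sample URLs resolve to the same server in DNS, yet the comparison rejects the mixed-case one, which is why the host name must be entered in lower case everywhere it is configured.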

1.8.2 Prerequisites for Identity Reporting

Review the following prerequisites and considerations before you start installing Identity Reporting:

  • This guide provides information about installing Identity Reporting for use with Identity Governance only. If you have already installed Identity Reporting with Identity Manager 4.5 or later, you might not need to install it again for Identity Governance. Ensure that you have the appropriate version of Identity Reporting. For more information about installing with Identity Manager, see:

  • You can install Identity Reporting on the same server as Identity Governance, in which case the two products use the same Tomcat instance, or you can install it on a separate server running Tomcat.

  • (Conditional) To run reports against a Microsoft SQL Server database, you must install the appropriate JDBC driver file, for example, mssql-jdbc-7.0.0.jar. For more information, see https://docs.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server?view=sql-server-2017.

  • (Conditional) To run reports against an Oracle 12c database, you must install the appropriate JDBC driver file, for example, ojdbc8.jar. For more information, see https://www.oracle.com/technetwork/database/features/jdbc/jdbc-drivers-12c-download-1958347.html.

  • Assign the Report Administrator authorization to any users that you want to be able to access the reporting functionality.

  • Ensure that all servers in your Identity Governance environment are set to the same time, particularly the servers for the database and events auditing components. If you do not synchronize the time on your servers, some reports might be empty when executed. For example, this issue can affect data related to new users when the servers hosting Identity Governance and the reporting databases have different time stamps.